news agency
This fraud has reached a new level.  They impersonate two companies in one SMS message

This fraud has reached a new level. They impersonate two companies in one SMS message

CSIRT KNF warns against another fraud campaign targeting people shopping online. Poles receive fake SMS messages in which criminals impersonate InPost and Poczta Polska… at the same time. How to protect yourself from fraud?

The Computer Security Incident Response Team published a warning on the X website against another phishing campaign (impersonating a well-known company or institution). Criminals lie in wait for people waiting for products ordered online.

They impersonate Poczta Polska and InPost. They don’t know who they are trying to pretend to be

Fraud is easy to spot, but you need to be careful. In the text messages sent to Poles’ phones, fraudsters impersonate Poczta Polska and inform that the alleged parcel has been delivered to the warehouse, but “the delivery address cannot be determined.” Traditionally, the message contains a link (which would supposedly be used to provide the correct address) and (unusually) a request to reply to the text message.

As specialists from CSIRT KNF showed, the link directs you to a crafted fraud website that initially asks for confidential data (residence address, e-mail, telephone number) and then also extorts payment card details under the pretext of an alleged surcharge. However, the link is styled after the address of InPost’s website, and the website is supposed to resemble the website of this company. Apparently, the fraudsters couldn’t decide whether it was better to impersonate Poczta Polska or InPost.

It is easy to notice, however, that the false address is in the .cc domain (and not .pl), and the crafted website contains several incorrect translations into Polish – including: “Update Immediately”, “Assemble” and “your package” (instead of “your package”).

How to protect yourself from fraud. It is worth reading text messages carefully

It is worth remembering that the basic method of defense against phishing is… common sense. When receiving these types of text messages, you cannot act hastily. It is better to wait and read the message carefully in your free time. Fraud can be detected in seconds. First of all, many fake messages contain language errors, random special characters and lack any details about the alleged package.

The obligatory element of every fake SMS is, of course, a link. Before clicking on any link, check whether it corresponds to the real address of the provider’s website (the differences are often small). Links to scam websites often consist of characteristic words in English, such as: delivery, online, tracking or a random sequence of characters, letters and numbers, and most often appear in foreign domains (e.g. the .cc domain is assigned to the Cocos Islands).

Source: Gazeta

You may also like

Hot News



follow us